Mailing List ecs-isp@2rosenthals.com Archived Message #1326 previous message next message back to list

From: "Lewis G Rosenthal" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Subject: SSL cert lifetime
Date: Thu, 14 May 2026 11:40:26 -0400
To: eCS-ISP <ecs-isp@2rosenthals.com>

Thought I'd share this bit of news from Starfield Tech regarding cert lifetimes. I am assuming this will pertain to all CAs over the next few years.

8<-------------------- snip -------------------->8

The entire SSL Industry is undergoing a requirement to shorten SSL/TLS validity duration from 398 days to 47 days. The first phase has started and validity is now 200 days. This will again change to 100 days by March 2027 and finally to 47 days by March 2029.

What does this mean for you? Instead of re-installing your certificate 1x per year, that frequency will begin to increase. Starting later this year in approximately 180-200 days you'll need to repeat this action - and then again more frequently in 2027 through 2029.

8<-------------------- snip -------------------->8

Oh, joy.

Further details are given in this "handy" article on their site:

https://www.secureserver.net/help/why-are-ssl-certificate-validity-periods-changing-42816

The whole argument about shorter cert lives being more secure is a tough one for me, given the availability of OCSP stapling and other validation/revocation methods. Oh, well.

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster